This has been going on for years. ICANN simply lets it hang out there. The only people to whom ICANN is responsive on this topic are those who believe registrants should be more readily subjected to these kinds of shakedowns.

“The policy appears to be implemented by most registrars in the form of an e-mail notification to registrants (even though it doesn’t have to be in email). By definition, these notifications include almost entirely public information. They’re therefore a first-rate phishing vector: For example, send a notification with slightly (but embarrassingly) wrong WHOIS data, give a link to fix the data, and hope that people will click that link and hand over the credentials that they’re using to manage their registration.”